US20100241841A1 - System and Method for Securing Executable Code - Google Patents
System and Method for Securing Executable Code Download PDFInfo
- Publication number
- US20100241841A1 US20100241841A1 US12/791,619 US79161910A US2010241841A1 US 20100241841 A1 US20100241841 A1 US 20100241841A1 US 79161910 A US79161910 A US 79161910A US 2010241841 A1 US2010241841 A1 US 2010241841A1
- Authority
- US
- United States
- Prior art keywords
- image
- memory
- code
- processor
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Definitions
- the invention described herein relates to information security, and more particularly to secure processing.
- Secure processing in a computing platform is a well known generic problem.
- any unintended or undesired alteration of executable code can have dire operational consequences.
- malicious code e.g., a Trojan horse
- instructions can be permuted by a hostile party, so that operations are performed by the processor out of order. Again, the consequences can be undesirable.
- Other threats may not be malicious.
- a hardware failure in memory, for example, may serve to alter the executable code. Clearly, this effects the operation of the processor and its results.
- executable code itself may represent information that must be maintained as a secret. Revealing the executable code could represent a undesirable compromise of sensitive data.
- executable code can be vulnerable in storage, as well as in transit between memory and a processor or its cache.
- the invention described herein provides for the secure storage of executable code and the secure movement of such code from memory to a processor.
- the invention includes the storage of an encrypted version of the code.
- the code is then decrypted and decompressed as necessary, before re-encryption in storage (e.g., in flash memory).
- the re-encrypted executable code is then written to external memory.
- As a cache line of executable code is required a fetch is performed but intercepted. In the interception process, the cache line is decrypted.
- the resulting plain text cache line is then stored in an instruction cache associated with a processor.
- FIG. 1 is a block diagram illustrating the overall structure and context of an embodiment of the invention.
- FIG. 2 illustrates executable code in encrypted and compressed form in flash memory, according to an embodiment of the invention.
- FIG. 3 illustrates external memory as it contains decrypted and decompressed executable code, according to an embodiment of the invention.
- FIG. 4 illustrates the fetch process, in which a cache line of code is decrypted and forwarded to an instruction cache, according to an embodiment of the invention.
- FIG. 5 is a flowchart illustrating the creation of an encrypted image, according to an embodiment of the invention.
- FIG. 6 is a flowchart illustrating the overall process of accessing and using the encrypted image, according to an embodiment of the invention.
- FIG. 7 is a flowchart illustrating the processor boot process in greater detail, according to an embodiment of the invention.
- FIG. 8 is a flowchart illustrating the process of switching to a secure mode, according to an embodiment of the invention.
- FIG. 9 is a flowchart illustrating the process of secure execution, according to an embodiment of the invention, according to an embodiment of the invention.
- FIG. 10 is a flowchart illustrating a simplified version of the process of the invention, according to an embodiment of the invention.
- the invention features a secure embedded processor system that is in communication with memory modules.
- An embodiment of the invention is illustrated generally in FIG. 1 .
- a secure embedded processor system 105 is shown interfaced to an external memory module 160 , and a flash memory module 175 .
- Flash memory 175 stores executable code (known hereinafter as the image) in a compressed and encrypted form.
- the encrypted compressed image is transferred to external memory 160 during the boot process. The image is then decrypted, decompressed, then re-encrypted for storage in external memory 160 .
- Instructions that are to be executed by processor 110 are fetched from external memory 160 one cache line at a time. The fetch, however, is intercepted by memory controller 150 . A cache line that is fetched is then decrypted by security controller 140 before being loaded into the instruction cache 130 .
- a key management module 170 which provides key management services for security controller 140 .
- an external interface 180 can also be provided to allow flash memory 175 to interface with system 105 .
- a peripheral component interconnect (PCI) interface 185 can also be provided to allow communication with secure embedded processor system 105 .
- PCI interface 185 , external interface 180 , key management module 170 , security controller 140 , and processor 110 are connected by an infrastructure 145 , such as a bus.
- Flash memory 175 is illustrated in greater detail in FIG. 2 .
- FIG. 2 illustrates the organization of the image as it resides in flash memory 175 .
- the image includes a segment of boot code 210 .
- This is followed by two blocks of code 220 and 230 .
- These two blocks are collectively encrypted with a first cryptographic key, referred to herein as an image key.
- these code blocks are encrypted using the Triple Data Encryption Standard (3DES) algorithm.
- code block 220 comprises logic required to decrypt the remaining block of code 230 .
- block 230 is compressed as well in the illustrated embodiment.
- Block 240 represents authentication data derived from blocks 210 , 220 , and 230 . Block does not represent part of the image per se.
- the authentication process is a hashed message authentication code (HMAC) process.
- HMAC hashed message authentication code
- FIG. 3 illustrates the structure of the image as it resides in external memory 160 after the image has been decrypted and decompressed.
- the memory is shown occupying 10 KB of memory in a block 330 .
- the starting address of this memory interval is addressed 310 .
- the ending address for this interval is addressed 320 .
- the starting and ending addresses 310 and 320 are forwarded to memory controller 150 . This serves as a security check, so that no instructions outside of these boundaries are allowed to be executed.
- FIG. 4 illustrates the flow and processing of instructions during a fetch from external memory 160 .
- the image is re-encrypted using a second key, to form a re-encrypted image 410 .
- the re-encrypted image 410 is fetched on a cache line basis.
- a cache line 420 is retrieved for decryption purposes by decryption logic 440 .
- the address 430 of cache line 420 is used to initialize the decryption process.
- the re-encryption process uses the Advanced Encryption Standard (AES) algorithm, in cipher block chaining (CBC) mode.
- AES Advanced Encryption Standard
- CBC cipher block chaining
- the re-encryption process can use the AES/CBC process in the decrypt mode. Consequently, in such an embodiment the decryption process 440 actually uses the encryption mode of AES.
- the resulting plain text cache line 450 is then forwarded to instruction cache 130 .
- the plain text cache line 450 is ultimately executed by processor 110 .
- key management module 170 Management and security functions related to protection of cryptographic keys are handled in part by key management module 170 , shown in FIG. 1 .
- secure embedded processor system 105 receives the image key in encrypted form.
- the encrypted image key is decrypted by key management module 170 using a session key.
- the resulting plain text image key can then be used by security controller 140 as described above.
- a time constraint can be associated with an image key, so that the image key may only be used for a given duration, or only up until a particular point in time. After this point, the key can no longer be used, and is said to be expired.
- security controller 140 can check whether the image key has expired prior to using this key. Alternatively, this check can be performed at the key management module 170 .
- FIG. 5 illustrates the initial compression and encryption process for the image as it is stored in the flash memory.
- the process begins at step 510 .
- the image is compressed.
- the image is hashed to produce an HMAC.
- the Secure Hash Algorithm 1 SHA-1
- the compressed image is encrypted with an image key.
- encryption can be performed using the 3DES algorithm.
- the resulting compressed encrypted image is stored in flash memory. The process concludes at step 560 .
- the overall process of securely accessing and executing the image is illustrated in FIG. 6 .
- the process begins at step 610 .
- the processor undergoes its boot operation.
- the portion of the image that is uncompressed is decrypted using the image key.
- this uncompressed code is executed.
- the logic in the uncompressed code portion of the code serves to decrypt the remaining image.
- the remaining portion of the image is decrypted with the image key.
- the image is authenticated. As described above, authentication can take place using the SHA-1 algorithm.
- step 670 the image is decompressed.
- secure execution can now take place. The process concludes at step 690 .
- step 620 of FIG. 6 The step of booting the processor (step 620 of FIG. 6 ) is illustrated in greater detail in FIG. 7 .
- the process begins at step 710 .
- step 720 the device state is reset.
- step 730 cryptographic keys are loaded for purposes of subsequent cryptographic processing.
- step 740 the image is moved from flash memory to external memory.
- the external memory can be implemented using double data rate synchronous dynamic random access memory (DDR SDRAM).
- step 750 the system is switched to secure mode.
- the process concludes at step 760 .
- step 750 of FIG. 7 The process of switching to a secure mode (step 750 of FIG. 7 ) is illustrated in greater detail in FIG. 8 .
- the process begins at step 810 .
- step 820 the processor state is cleared.
- step 830 the instruction and data caches associated with a processor are set to the invalid state. This prevents any information that happens to be residing in these caches from being used by the processor for execution.
- step 840 the upper and lower address boundaries of the image are forwarded to the memory controller, thereby limiting execution to the lower n kilobytes of DDR-SRAM.
- the process concludes at step 850 .
- the secure execution step (step 680 of FIG. 6 ) is illustrated in greater detail in FIG. 9 .
- the process begins at step 910 .
- step 915 the image is encrypted with a session key on a per cache line basis.
- the AES algorithm is used for this step in the CBC mode.
- AES can be used in its decryption configuration for this encryption process. This allows for error correction throughout the image encryption process.
- step 920 the encrypted image is written to external memory.
- step 925 an instruction cache line is fetched, wherein the cache line is taken from within the boundary addresses.
- the fetch is intercepted by the memory controller.
- step 935 the cache line is decrypted by the security controller.
- step 935 the decryption step 935 will actually use the encryption mode of AES/CBC.
- step 940 a determination is made in step 940 as to whether the resulting instruction is valid. If not, then the instruction is trapped in step 945 . Otherwise, the instruction is ready for execution in step 955 .
- step 960 a determination is made as to whether there are additional instructions to be fetched and executed, or whether the process is to halt. If the process halts, then the process concludes at step 950 . Otherwise, the process returns to step 925 , where an additional cache line is fetched.
- FIG. 10 An alternative method of the invention is illustrated in FIG. 10 .
- the process begins at step 1005 .
- step 1010 the boot process is initiated from on-board read only memory (ROM).
- step 1015 the boot code is submitted to the security module.
- step 1020 the boot code is hashed.
- the security module retains the hash value during this step.
- step 1025 execution of the boot code is commenced.
- step 1030 the compressed code is hashed, such that the security module retains the resulting cache value.
- the hash value is signed.
- the encrypted image is transferred to external memory.
- external memory can be implemented as DDR-SRAM.
- step 1045 the uncompressed code is decrypted with the image key.
- step 1050 the uncompressed code is executed.
- step 1055 the remaining image is decrypted with the image key.
- step 1060 the remaining image is decrypted as necessary. The process concludes at step 1065 .
Abstract
Description
- This application is a Continuation of co-pending U.S. application Ser. No. 10/879,349 filed on Jun. 30, 2004 by BUER, Mark, entitled “SYSTEM AND METHOD FOR SECURING EXECUTABLE CODE,” which claims the benefit of U.S. Provisional Application No. 60/518,323, filed on Nov. 10, 2003, entitled “SYSTEM AND METHOD FOR SECURING EXECUTABLE CODE,” each of which is incorporated by reference herein in its entirety.
- 1. Field of the Invention
- The invention described herein relates to information security, and more particularly to secure processing.
- 2. Related Art
- Secure processing in a computing platform is a well known generic problem. In particular any unintended or undesired alteration of executable code can have dire operational consequences. For example, malicious code (e.g., a Trojan horse) can be inserted to executable code to cause the processor to perform actions that are undesirable and/or unpredictable. Alternatively, instructions can be permuted by a hostile party, so that operations are performed by the processor out of order. Again, the consequences can be undesirable. Other threats may not be malicious. A hardware failure in memory, for example, may serve to alter the executable code. Clearly, this effects the operation of the processor and its results.
- In addition, security may an issue with respect to the programmed logic itself. The executable code itself may represent information that must be maintained as a secret. Revealing the executable code could represent a undesirable compromise of sensitive data. In general, executable code can be vulnerable in storage, as well as in transit between memory and a processor or its cache.
- In light of such known threats and vulnerabilities, a system and method is needed that protects against the above scenarios, such that the processor performs only the intended operations and the confidentiality of its program is maintained.
- The invention described herein provides for the secure storage of executable code and the secure movement of such code from memory to a processor. The invention includes the storage of an encrypted version of the code. The code is then decrypted and decompressed as necessary, before re-encryption in storage (e.g., in flash memory). The re-encrypted executable code is then written to external memory. As a cache line of executable code is required, a fetch is performed but intercepted. In the interception process, the cache line is decrypted. The resulting plain text cache line is then stored in an instruction cache associated with a processor.
-
FIG. 1 is a block diagram illustrating the overall structure and context of an embodiment of the invention. -
FIG. 2 illustrates executable code in encrypted and compressed form in flash memory, according to an embodiment of the invention. -
FIG. 3 illustrates external memory as it contains decrypted and decompressed executable code, according to an embodiment of the invention. -
FIG. 4 illustrates the fetch process, in which a cache line of code is decrypted and forwarded to an instruction cache, according to an embodiment of the invention. -
FIG. 5 is a flowchart illustrating the creation of an encrypted image, according to an embodiment of the invention. -
FIG. 6 is a flowchart illustrating the overall process of accessing and using the encrypted image, according to an embodiment of the invention. -
FIG. 7 is a flowchart illustrating the processor boot process in greater detail, according to an embodiment of the invention. -
FIG. 8 is a flowchart illustrating the process of switching to a secure mode, according to an embodiment of the invention. -
FIG. 9 is a flowchart illustrating the process of secure execution, according to an embodiment of the invention, according to an embodiment of the invention. -
FIG. 10 is a flowchart illustrating a simplified version of the process of the invention, according to an embodiment of the invention. - A preferred embodiment of the present invention is now described to with reference to the figures, where like reference numbers indicate identical or functionally similar elements. Also in the figures, the left most digit of each reference number corresponds to the figure in which the reference number is first used. While specific configurations and arrangements are discussed, it should be understood that this is done for illustrative purposes only. A person skilled in the relevant art will recognize that other configurations and arrangements can be used without departing from the spirit and scope of the invention. It will be apparent to a person skilled in the relevant art that this invention can also be employed in a variety of devices, systems, and applications.
- A preferred embodiment of the present invention is now described with reference to the figures, where like reference numbers indicate identical or functionally similar elements. Also in the figures, the left most digit of each reference number corresponds to the figure in which the reference number is first used. While specific configurations and arrangements are discussed, it should be understood that this is done for illustrative purposes only. A person skilled in the relevant art will recognize that other configurations and arrangements can be used without departing from the spirit and scope of the invention. It will be apparent to a person skilled in the relevant art that this invention can also be employed in a variety of devices and applications.
- The invention features a secure embedded processor system that is in communication with memory modules. An embodiment of the invention is illustrated generally in
FIG. 1 . A secure embeddedprocessor system 105 is shown interfaced to anexternal memory module 160, and aflash memory module 175. Flashmemory 175 stores executable code (known hereinafter as the image) in a compressed and encrypted form. As will be described in greater detail below, the encrypted compressed image is transferred toexternal memory 160 during the boot process. The image is then decrypted, decompressed, then re-encrypted for storage inexternal memory 160. - Instructions that are to be executed by
processor 110 are fetched fromexternal memory 160 one cache line at a time. The fetch, however, is intercepted bymemory controller 150. A cache line that is fetched is then decrypted bysecurity controller 140 before being loaded into theinstruction cache 130. - Also shown in secure embedded
processor system 105 is akey management module 170, which provides key management services forsecurity controller 140. In an embodiment of the invention, anexternal interface 180 can also be provided to allowflash memory 175 to interface withsystem 105. A peripheral component interconnect (PCI)interface 185 can also be provided to allow communication with secure embeddedprocessor system 105.PCI interface 185,external interface 180,key management module 170,security controller 140, andprocessor 110 are connected by aninfrastructure 145, such as a bus. -
Flash memory 175 is illustrated in greater detail inFIG. 2 .FIG. 2 illustrates the organization of the image as it resides inflash memory 175. The image includes a segment ofboot code 210. This is followed by two blocks ofcode code block 220 comprises logic required to decrypt the remaining block ofcode 230. Note thatblock 230 is compressed as well in the illustrated embodiment.Block 240 represents authentication data derived fromblocks -
FIG. 3 illustrates the structure of the image as it resides inexternal memory 160 after the image has been decrypted and decompressed. The memory is shown occupying 10 KB of memory in ablock 330. The starting address of this memory interval is addressed 310. The ending address for this interval is addressed 320. In an embodiment of the invention, the starting and ending addresses 310 and 320 are forwarded tomemory controller 150. This serves as a security check, so that no instructions outside of these boundaries are allowed to be executed. -
FIG. 4 illustrates the flow and processing of instructions during a fetch fromexternal memory 160. After the image has been decrypted, the image is re-encrypted using a second key, to form are-encrypted image 410. There-encrypted image 410 is fetched on a cache line basis. Acache line 420 is retrieved for decryption purposes bydecryption logic 440. In the illustrated embodiment, the address 430 ofcache line 420 is used to initialize the decryption process. In an embodiment of the invention, the re-encryption process uses the Advanced Encryption Standard (AES) algorithm, in cipher block chaining (CBC) mode. Moreover, in an embodiment of the invention, the re-encryption process can use the AES/CBC process in the decrypt mode. Consequently, in such an embodiment thedecryption process 440 actually uses the encryption mode of AES. The resulting plaintext cache line 450 is then forwarded toinstruction cache 130. The plaintext cache line 450 is ultimately executed byprocessor 110. - Management and security functions related to protection of cryptographic keys are handled in part by
key management module 170, shown inFIG. 1 . In particular, in an embodiment of the invention, secure embeddedprocessor system 105 receives the image key in encrypted form. The encrypted image key is decrypted bykey management module 170 using a session key. The resulting plain text image key can then be used bysecurity controller 140 as described above. - Moreover, a time constraint can be associated with an image key, so that the image key may only be used for a given duration, or only up until a particular point in time. After this point, the key can no longer be used, and is said to be expired. In an embodiment of the invention,
security controller 140 can check whether the image key has expired prior to using this key. Alternatively, this check can be performed at thekey management module 170. -
FIG. 5 illustrates the initial compression and encryption process for the image as it is stored in the flash memory. The process begins atstep 510. Instep 520, the image is compressed. Instep 530, the image is hashed to produce an HMAC. In an embodiment of the invention, the Secure Hash Algorithm 1 (SHA-1) is used. Instep 540, the compressed image is encrypted with an image key. As mentioned above, encryption can be performed using the 3DES algorithm. Instep 550, the resulting compressed encrypted image is stored in flash memory. The process concludes atstep 560. - The overall process of securely accessing and executing the image is illustrated in
FIG. 6 . The process begins atstep 610. Instep 620, the processor undergoes its boot operation. Instep 630, the portion of the image that is uncompressed is decrypted using the image key. Instep 640, this uncompressed code is executed. The logic in the uncompressed code portion of the code serves to decrypt the remaining image. Instep 650, the remaining portion of the image is decrypted with the image key. Instep 660, the image is authenticated. As described above, authentication can take place using the SHA-1 algorithm. Instep 670, the image is decompressed. Instep 680, secure execution can now take place. The process concludes atstep 690. - The step of booting the processor (step 620 of
FIG. 6 ) is illustrated in greater detail inFIG. 7 . The process begins atstep 710. Instep 720, the device state is reset. Instep 730, cryptographic keys are loaded for purposes of subsequent cryptographic processing. Instep 740, the image is moved from flash memory to external memory. In an embodiment of the invention, the external memory can be implemented using double data rate synchronous dynamic random access memory (DDR SDRAM). Instep 750, the system is switched to secure mode. The process concludes atstep 760. - The process of switching to a secure mode (step 750 of
FIG. 7 ) is illustrated in greater detail inFIG. 8 . The process begins atstep 810. In step 820, the processor state is cleared. Instep 830, the instruction and data caches associated with a processor are set to the invalid state. This prevents any information that happens to be residing in these caches from being used by the processor for execution. Instep 840, the upper and lower address boundaries of the image are forwarded to the memory controller, thereby limiting execution to the lower n kilobytes of DDR-SRAM. The process concludes atstep 850. - The secure execution step (step 680 of
FIG. 6 ) is illustrated in greater detail inFIG. 9 . The process begins at step 910. Instep 915, the image is encrypted with a session key on a per cache line basis. In an embodiment of the invention, the AES algorithm is used for this step in the CBC mode. Moreover, AES can be used in its decryption configuration for this encryption process. This allows for error correction throughout the image encryption process. Instep 920, the encrypted image is written to external memory. Instep 925, an instruction cache line is fetched, wherein the cache line is taken from within the boundary addresses. Instep 930, the fetch is intercepted by the memory controller. Instep 935, the cache line is decrypted by the security controller. If the encryption process used the AES/CBC algorithm in decryption mode, then thedecryption step 935 will actually use the encryption mode of AES/CBC. After decryption of the cache line instep 935, a determination is made instep 940 as to whether the resulting instruction is valid. If not, then the instruction is trapped instep 945. Otherwise, the instruction is ready for execution instep 955. Instep 960, a determination is made as to whether there are additional instructions to be fetched and executed, or whether the process is to halt. If the process halts, then the process concludes atstep 950. Otherwise, the process returns to step 925, where an additional cache line is fetched. - An alternative method of the invention is illustrated in
FIG. 10 . The process begins atstep 1005. Instep 1010, the boot process is initiated from on-board read only memory (ROM). Instep 1015, the boot code is submitted to the security module. Instep 1020, the boot code is hashed. The security module retains the hash value during this step. Instep 1025, execution of the boot code is commenced. Instep 1030, the compressed code is hashed, such that the security module retains the resulting cache value. Instep 1035, the hash value is signed. Instep 1040, the encrypted image is transferred to external memory. As mentioned above, in an embodiment of the invention, external memory can be implemented as DDR-SRAM. Instep 1045, the uncompressed code is decrypted with the image key. Instep 1050, the uncompressed code is executed. Instep 1055, the remaining image is decrypted with the image key. Instep 1060, the remaining image is decrypted as necessary. The process concludes atstep 1065. - While various embodiments of the present invention have been described above, it should be understood that they have been presented by way of example, and not limitation. It would be apparent to persons skilled in the relevant art that various changes and detail can be made therein without departing from the spirit and scope of the invention. Thus the present invention should not be limited by any of the above described exemplary embodiments.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/791,619 US8799678B2 (en) | 2003-11-10 | 2010-06-01 | System and method for securing executable code |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US51832303P | 2003-11-10 | 2003-11-10 | |
US10/879,349 US7734932B2 (en) | 2003-11-10 | 2004-06-30 | System and method for securing executable code |
US12/791,619 US8799678B2 (en) | 2003-11-10 | 2010-06-01 | System and method for securing executable code |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/879,349 Continuation US7734932B2 (en) | 2003-11-10 | 2004-06-30 | System and method for securing executable code |
Publications (2)
Publication Number | Publication Date |
---|---|
US20100241841A1 true US20100241841A1 (en) | 2010-09-23 |
US8799678B2 US8799678B2 (en) | 2014-08-05 |
Family
ID=34468046
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/879,349 Active 2027-07-14 US7734932B2 (en) | 2003-11-10 | 2004-06-30 | System and method for securing executable code |
US12/791,619 Expired - Fee Related US8799678B2 (en) | 2003-11-10 | 2010-06-01 | System and method for securing executable code |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/879,349 Active 2027-07-14 US7734932B2 (en) | 2003-11-10 | 2004-06-30 | System and method for securing executable code |
Country Status (4)
Country | Link |
---|---|
US (2) | US7734932B2 (en) |
EP (1) | EP1536308A3 (en) |
CN (1) | CN100542085C (en) |
TW (1) | TWI298591B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8726044B2 (en) * | 2012-07-31 | 2014-05-13 | Hewlett-Packard Development Company, L.P. | Encrypting data on primary storage device and on cache storage device |
CN107924367A (en) * | 2015-08-17 | 2018-04-17 | 美光科技公司 | Calculate the encryption of eecutable item in memory |
US20190229913A1 (en) * | 2018-01-25 | 2019-07-25 | Micron Technology, Inc. | Certifying Authenticity of Stored Code and Code Updates |
US10715321B2 (en) | 2017-12-22 | 2020-07-14 | Micron Technology, Inc. | Physical unclonable function using message authentication code |
US10778661B2 (en) | 2018-04-27 | 2020-09-15 | Micron Technology, Inc. | Secure distribution of secret key using a monotonic counter |
US10906506B2 (en) | 2017-12-28 | 2021-02-02 | Micron Technology, Inc. | Security of user data stored in shared vehicles |
US11341282B2 (en) * | 2019-05-09 | 2022-05-24 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | Method for the execution of a binary code of a secure function by a microprocessor |
US11461476B2 (en) * | 2019-03-21 | 2022-10-04 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | Method for executing a binary code of a function secured by a microprocessor |
Families Citing this family (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7734932B2 (en) * | 2003-11-10 | 2010-06-08 | Broadcom Corporation | System and method for securing executable code |
EP1610490A1 (en) * | 2004-06-21 | 2005-12-28 | France Telecom | Method and apparatus for data encryption or decryption |
CN101433013A (en) * | 2006-04-07 | 2009-05-13 | 英特尔公司 | Method and apparatus to mate an external code image with an on-chip private key |
EP1855476A3 (en) * | 2006-05-11 | 2010-10-27 | Broadcom Corporation | System and method for trusted data processing |
US8108692B1 (en) | 2006-06-27 | 2012-01-31 | Siliconsystems, Inc. | Solid-state storage subsystem security solution |
US8150036B2 (en) | 2007-10-31 | 2012-04-03 | Igt | Encrypted data installation |
US20090125726A1 (en) * | 2007-11-14 | 2009-05-14 | Mcm Portfolio Llc | Method and Apparatus of Providing the Security and Error Correction Capability for Memory Storage Devices |
WO2010057065A2 (en) * | 2008-11-14 | 2010-05-20 | Intel Corporation | Method and apparatus to provide secure application execution |
US8356184B1 (en) | 2009-06-25 | 2013-01-15 | Western Digital Technologies, Inc. | Data storage device comprising a secure processor for maintaining plaintext access to an LBA table |
TWI497344B (en) * | 2010-05-17 | 2015-08-21 | Via Tech Inc | Microprocessor and method for generating unpredictable key |
US8856504B2 (en) * | 2010-06-07 | 2014-10-07 | Cisco Technology, Inc. | Secure virtual machine bootstrap in untrusted cloud infrastructures |
WO2012148812A2 (en) | 2011-04-29 | 2012-11-01 | Lsi Corporation | Encrypted transport solid-state disk controller |
US8839001B2 (en) * | 2011-07-06 | 2014-09-16 | The Boeing Company | Infinite key memory transaction unit |
GB2509422B (en) * | 2011-09-29 | 2020-12-30 | Hewlett Packard Development Co | Decryption and encryption of application data |
US9305142B1 (en) | 2011-12-19 | 2016-04-05 | Western Digital Technologies, Inc. | Buffer memory protection unit |
US9152577B2 (en) * | 2012-08-17 | 2015-10-06 | Broadcom Corporation | Security central processing unit management of a transcoder pipeline |
US9189411B2 (en) | 2012-12-28 | 2015-11-17 | Intel Corporation | Logging in secure enclaves |
US9323686B2 (en) | 2012-12-28 | 2016-04-26 | Intel Corporation | Paging in secure enclaves |
US9747102B2 (en) * | 2012-12-28 | 2017-08-29 | Intel Corporation | Memory management in secure enclaves |
US20140281587A1 (en) * | 2013-03-14 | 2014-09-18 | Ologn Technologies Ag | Systems, methods and apparatuses for using a secure non-volatile storage with a computer processor |
US9215067B2 (en) * | 2013-04-05 | 2015-12-15 | International Business Machines Corporation | Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters |
US9846656B2 (en) | 2013-04-17 | 2017-12-19 | Laurence H. Cooke | Secure computing |
US9280490B2 (en) | 2013-04-17 | 2016-03-08 | Laurence H. Cooke | Secure computing |
US9501668B2 (en) * | 2013-09-25 | 2016-11-22 | Intel Corporation | Secure video ouput path |
US9639671B2 (en) * | 2014-05-27 | 2017-05-02 | Assured Information Security, Inc. | Secure execution of encrypted program instructions |
US9703733B2 (en) | 2014-06-27 | 2017-07-11 | Intel Corporation | Instructions and logic to interrupt and resume paging in a secure enclave page cache |
CN104331671A (en) * | 2014-10-30 | 2015-02-04 | 无锡市合鑫川自动化设备有限公司 | Method and system for uploading safety code onto slave equipment of computer |
FR3030827B1 (en) * | 2014-12-19 | 2017-01-27 | Stmicroelectronics (Grenoble 2) Sas | METHOD AND DEVICE FOR SECURE PROCESSING OF CRYPTED DATA |
US9852301B2 (en) * | 2014-12-24 | 2017-12-26 | Intel Corporation | Creating secure channels between a protected execution environment and fixed-function endpoints |
CN105024805B (en) * | 2015-07-24 | 2018-06-29 | 东南大学 | A kind of improved CBC patterns 3DES encryption method |
US10311217B2 (en) * | 2016-12-09 | 2019-06-04 | Microsoft Technology Licensing, Llc | Application piracy prevention with secure enclave protection of automatically modularized functions |
EP3460709B1 (en) * | 2017-09-26 | 2022-02-09 | Secure-IC SAS | Devices and methods for secured processors |
CN109753821B (en) * | 2017-11-01 | 2022-03-15 | 瑞昱半导体股份有限公司 | Data access device and method |
KR20190075363A (en) * | 2017-12-21 | 2019-07-01 | 삼성전자주식회사 | Semiconductor memory device, memory system and memory module including the same |
US10552344B2 (en) | 2017-12-26 | 2020-02-04 | Intel Corporation | Unblock instruction to reverse page block during paging |
CN112035866B (en) * | 2020-11-04 | 2021-07-23 | 湖北芯擎科技有限公司 | Data encryption method, device, equipment and computer readable storage medium |
US20230205514A1 (en) * | 2021-12-27 | 2023-06-29 | Honeywell International Inc. | Bsidiff delta upgrade in external storage |
Citations (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses |
US5666411A (en) * | 1994-01-13 | 1997-09-09 | Mccarty; Johnnie C. | System for computer software protection |
US5940513A (en) * | 1995-08-25 | 1999-08-17 | Intel Corporation | Parameterized hash functions for access control |
US5943421A (en) * | 1995-09-11 | 1999-08-24 | Norand Corporation | Processor having compression and encryption circuitry |
US6141698A (en) * | 1997-01-29 | 2000-10-31 | Network Commerce Inc. | Method and system for injecting new code into existing application code |
US20020038428A1 (en) * | 2000-07-18 | 2002-03-28 | Safa John Aram | Digital data protection arrangement |
US20020073316A1 (en) * | 1998-02-03 | 2002-06-13 | Thomas Collins | Cryptographic system enabling ownership of a secure process |
US20020112158A1 (en) * | 2001-02-14 | 2002-08-15 | Golchikov Andrey Vladimirovich | Executable file protection |
US20020129244A1 (en) * | 2001-03-07 | 2002-09-12 | Dacosta Behram Mario | Method for securing software via late stage processor instruction decryption |
US20030005282A1 (en) * | 2001-06-27 | 2003-01-02 | International Business Machines Corporation | Method, system, and product for pre-encrypting static information transmitted by secure web sites |
US6523118B1 (en) * | 1998-06-29 | 2003-02-18 | Koninklijke Philips Electronics N.V. | Secure cache for instruction and data protection |
US20030046563A1 (en) * | 2001-08-16 | 2003-03-06 | Dallas Semiconductor | Encryption-based security protection for processors |
US20040177260A1 (en) * | 2003-03-06 | 2004-09-09 | International Business Machines Corporation | System and method for remote code integrity in distributed systems |
US6834346B1 (en) * | 1998-07-30 | 2004-12-21 | Sony Corporation | Content processing system |
US20050075998A1 (en) * | 2002-02-08 | 2005-04-07 | Zhongyang Huang | Process of ipmp scheme description for digital item |
US20050100163A1 (en) * | 2003-11-10 | 2005-05-12 | Broadcom Corporation | System and method for securing executable code |
US6910094B1 (en) * | 1997-10-08 | 2005-06-21 | Koninklijke Philips Electronics N.V. | Secure memory management unit which uses multiple cryptographic algorithms |
US6970565B1 (en) * | 2000-12-22 | 2005-11-29 | Xm Satellite Radio Inc. | Apparatus for and method of securely downloading and installing a program patch in a processing device |
US7055039B2 (en) * | 2003-04-14 | 2006-05-30 | Sony Corporation | Protection of digital content using block cipher crytography |
US7266842B2 (en) * | 2002-04-18 | 2007-09-04 | International Business Machines Corporation | Control function implementing selective transparent data authentication within an integrated system |
US7321910B2 (en) * | 2003-04-18 | 2008-01-22 | Ip-First, Llc | Microprocessor apparatus and method for performing block cipher cryptographic functions |
US7472285B2 (en) * | 2003-06-25 | 2008-12-30 | Intel Corporation | Apparatus and method for memory encryption with reduced decryption latency |
US7509639B2 (en) * | 2003-03-04 | 2009-03-24 | Secure64 Software Corp. | Customized execution environment |
US7761717B2 (en) * | 2001-07-10 | 2010-07-20 | Trident Microsystems (Far East) Ltd. | Memory device with data security in a processor |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5224166A (en) | 1992-08-11 | 1993-06-29 | International Business Machines Corporation | System for seamless processing of encrypted and non-encrypted data and instructions |
CN100405247C (en) | 1999-03-03 | 2008-07-23 | 索尼公司 | Data processing device, data processing method, terminal, transmission method for data processing device |
DE60228027D1 (en) | 2001-07-06 | 2008-09-18 | Texas Instruments Inc | Secure bootloader for backing up digital devices |
-
2004
- 2004-06-30 US US10/879,349 patent/US7734932B2/en active Active
- 2004-11-04 EP EP04026195A patent/EP1536308A3/en not_active Withdrawn
- 2004-11-09 CN CNB2004100920414A patent/CN100542085C/en not_active Expired - Fee Related
- 2004-11-10 TW TW093134287A patent/TWI298591B/en not_active IP Right Cessation
-
2010
- 2010-06-01 US US12/791,619 patent/US8799678B2/en not_active Expired - Fee Related
Patent Citations (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
US5359659A (en) * | 1992-06-19 | 1994-10-25 | Doren Rosenthal | Method for securing software against corruption by computer viruses |
US5666411A (en) * | 1994-01-13 | 1997-09-09 | Mccarty; Johnnie C. | System for computer software protection |
US5940513A (en) * | 1995-08-25 | 1999-08-17 | Intel Corporation | Parameterized hash functions for access control |
US5943421A (en) * | 1995-09-11 | 1999-08-24 | Norand Corporation | Processor having compression and encryption circuitry |
US6141698A (en) * | 1997-01-29 | 2000-10-31 | Network Commerce Inc. | Method and system for injecting new code into existing application code |
US6910094B1 (en) * | 1997-10-08 | 2005-06-21 | Koninklijke Philips Electronics N.V. | Secure memory management unit which uses multiple cryptographic algorithms |
US20020073316A1 (en) * | 1998-02-03 | 2002-06-13 | Thomas Collins | Cryptographic system enabling ownership of a secure process |
US6523118B1 (en) * | 1998-06-29 | 2003-02-18 | Koninklijke Philips Electronics N.V. | Secure cache for instruction and data protection |
US6834346B1 (en) * | 1998-07-30 | 2004-12-21 | Sony Corporation | Content processing system |
US20020038428A1 (en) * | 2000-07-18 | 2002-03-28 | Safa John Aram | Digital data protection arrangement |
US6970565B1 (en) * | 2000-12-22 | 2005-11-29 | Xm Satellite Radio Inc. | Apparatus for and method of securely downloading and installing a program patch in a processing device |
US20020112158A1 (en) * | 2001-02-14 | 2002-08-15 | Golchikov Andrey Vladimirovich | Executable file protection |
US20020129244A1 (en) * | 2001-03-07 | 2002-09-12 | Dacosta Behram Mario | Method for securing software via late stage processor instruction decryption |
US20030005282A1 (en) * | 2001-06-27 | 2003-01-02 | International Business Machines Corporation | Method, system, and product for pre-encrypting static information transmitted by secure web sites |
US7761717B2 (en) * | 2001-07-10 | 2010-07-20 | Trident Microsystems (Far East) Ltd. | Memory device with data security in a processor |
US20030046563A1 (en) * | 2001-08-16 | 2003-03-06 | Dallas Semiconductor | Encryption-based security protection for processors |
US20050075998A1 (en) * | 2002-02-08 | 2005-04-07 | Zhongyang Huang | Process of ipmp scheme description for digital item |
US7266842B2 (en) * | 2002-04-18 | 2007-09-04 | International Business Machines Corporation | Control function implementing selective transparent data authentication within an integrated system |
US7509639B2 (en) * | 2003-03-04 | 2009-03-24 | Secure64 Software Corp. | Customized execution environment |
US20040177260A1 (en) * | 2003-03-06 | 2004-09-09 | International Business Machines Corporation | System and method for remote code integrity in distributed systems |
US7055039B2 (en) * | 2003-04-14 | 2006-05-30 | Sony Corporation | Protection of digital content using block cipher crytography |
US7321910B2 (en) * | 2003-04-18 | 2008-01-22 | Ip-First, Llc | Microprocessor apparatus and method for performing block cipher cryptographic functions |
US7472285B2 (en) * | 2003-06-25 | 2008-12-30 | Intel Corporation | Apparatus and method for memory encryption with reduced decryption latency |
US20050100163A1 (en) * | 2003-11-10 | 2005-05-12 | Broadcom Corporation | System and method for securing executable code |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8726044B2 (en) * | 2012-07-31 | 2014-05-13 | Hewlett-Packard Development Company, L.P. | Encrypting data on primary storage device and on cache storage device |
CN107924367A (en) * | 2015-08-17 | 2018-04-17 | 美光科技公司 | Calculate the encryption of eecutable item in memory |
US10715321B2 (en) | 2017-12-22 | 2020-07-14 | Micron Technology, Inc. | Physical unclonable function using message authentication code |
US10906506B2 (en) | 2017-12-28 | 2021-02-02 | Micron Technology, Inc. | Security of user data stored in shared vehicles |
US11801805B2 (en) | 2017-12-28 | 2023-10-31 | Micron Technology, Inc. | Security of user data stored in shared vehicles |
US20190229913A1 (en) * | 2018-01-25 | 2019-07-25 | Micron Technology, Inc. | Certifying Authenticity of Stored Code and Code Updates |
US10924277B2 (en) * | 2018-01-25 | 2021-02-16 | Micron Technology, Inc. | Certifying authenticity of stored code and code updates |
US10778661B2 (en) | 2018-04-27 | 2020-09-15 | Micron Technology, Inc. | Secure distribution of secret key using a monotonic counter |
US11461476B2 (en) * | 2019-03-21 | 2022-10-04 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | Method for executing a binary code of a function secured by a microprocessor |
US11341282B2 (en) * | 2019-05-09 | 2022-05-24 | Commissariat A L'energie Atomique Et Aux Energies Alternatives | Method for the execution of a binary code of a secure function by a microprocessor |
Also Published As
Publication number | Publication date |
---|---|
US7734932B2 (en) | 2010-06-08 |
CN1677922A (en) | 2005-10-05 |
TW200527872A (en) | 2005-08-16 |
US8799678B2 (en) | 2014-08-05 |
US20050100163A1 (en) | 2005-05-12 |
TWI298591B (en) | 2008-07-01 |
CN100542085C (en) | 2009-09-16 |
EP1536308A2 (en) | 2005-06-01 |
EP1536308A3 (en) | 2006-05-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8799678B2 (en) | System and method for securing executable code | |
US9043615B2 (en) | Method and apparatus for a trust processor | |
US8347114B2 (en) | Method and apparatus for enforcing a predetermined memory mapping | |
JP4774049B2 (en) | Method and program for secure inter-platform and intra-platform communication | |
EP1648109B1 (en) | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function | |
US7636858B2 (en) | Management of a trusted cryptographic processor | |
US20090282254A1 (en) | Trusted mobile platform architecture | |
KR101567620B1 (en) | Secure memory management system and method | |
US7457960B2 (en) | Programmable processor supporting secure mode | |
JP2013232219A (en) | Methods and apparatus for secure handling of data in microcontroller | |
EP4195583A1 (en) | Data encryption method and apparatus, data decryption method and apparatus, terminal, and storage medium | |
US20210382985A1 (en) | Virus immune computer system and method | |
US20170060775A1 (en) | Methods and architecture for encrypting and decrypting data | |
US20200242235A1 (en) | Virus immune computer system and method | |
CN116776397A (en) | Method for verifying data in a computing unit | |
Vaslin et al. | High Efficiency Protection Solution for Off-Chip Memory in Embedded Systems | |
KR20200055529A (en) | Method for decoding encrypted data stored in an engine control unit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: BROADCOM CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BUER, MARK;REEL/FRAME:024466/0627 Effective date: 20040624 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH CAROLINA Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001 Effective date: 20160201 Owner name: BANK OF AMERICA, N.A., AS COLLATERAL AGENT, NORTH Free format text: PATENT SECURITY AGREEMENT;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:037806/0001 Effective date: 20160201 |
|
AS | Assignment |
Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD., SINGAPORE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001 Effective date: 20170120 Owner name: AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BROADCOM CORPORATION;REEL/FRAME:041706/0001 Effective date: 20170120 |
|
AS | Assignment |
Owner name: BROADCOM CORPORATION, CALIFORNIA Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:BANK OF AMERICA, N.A., AS COLLATERAL AGENT;REEL/FRAME:041712/0001 Effective date: 20170119 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551) Year of fee payment: 4 |
|
AS | Assignment |
Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE Free format text: MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:047230/0910 Effective date: 20180509 |
|
AS | Assignment |
Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE EFFECTIVE DATE OF THE MERGER PREVIOUSLY RECORDED AT REEL: 047230 FRAME: 0910. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:047351/0384 Effective date: 20180905 |
|
AS | Assignment |
Owner name: AVAGO TECHNOLOGIES INTERNATIONAL SALES PTE. LIMITE Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ERROR IN RECORDING THE MERGER IN THE INCORRECT US PATENT NO. 8,876,094 PREVIOUSLY RECORDED ON REEL 047351 FRAME 0384. ASSIGNOR(S) HEREBY CONFIRMS THE MERGER;ASSIGNOR:AVAGO TECHNOLOGIES GENERAL IP (SINGAPORE) PTE. LTD.;REEL/FRAME:049248/0558 Effective date: 20180905 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20220805 |